Privacy, Security Archive

"The software bug--known as a buffer overflow--caused key memory-management functions in the zlib compression library to fail, a condition that could allow a smart attacker to compromise Linux computers over the Internet, said Dave Wreski, director for open-source security company Guardian Digital". Read the rest of the report at News.com.

IBM developerWorks has come out with three articles on OpenSSH, a free version of the SSH protocol suite for network connectivity. The first discusses RSA/DSA authentication, the second introduces ssh-agent and keychain, while the last goes over Agent forwarding and keychain improvements. Its a great resource for someone who needs some encryption.

Seen this on WinInformat.com: "For at least the first 8 months of 2001, open-source poster child Linux was far less secure than Windows, according to the reputable NTBugTraq, which is hosted by SecurityFocus, the leading provider of security information about the Internet."

The FBI's National Infrastructure Protection Center has urged users of Microsoft's WindowsXP operating system to disable a feature that could leave computers open to attacks from hackers. In a statement issued Saturday, the FBI's NIPC, which usually leaves computer security warnings to the private sector, said it held technical discussions with Microsoft and industry experts Friday to identify ways to minimize the risk from security holes in the XP software, which was launched in late October.

"Researchers have discovered that hackers are already developing tools to take advantage of a hole that could allow the takeover of key servers in corporations and universities." Read the rest of the story at ZDNews.

OpenSSH 3.0 has just been released. It will be available from the mirrors listed at OpenSSH web site. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support.